US20140245445A1 - Preventing Propagation Of Hardware Viruses In A Computing System - Google Patents

Preventing Propagation Of Hardware Viruses In A Computing System Download PDF

Info

Publication number
US20140245445A1
US20140245445A1 US13/778,372 US201313778372A US2014245445A1 US 20140245445 A1 US20140245445 A1 US 20140245445A1 US 201313778372 A US201313778372 A US 201313778372A US 2014245445 A1 US2014245445 A1 US 2014245445A1
Authority
US
United States
Prior art keywords
computing device
connector
attachable
determining
damaged
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/778,372
Other versions
US9251346B2 (en
Inventor
Shiva R. Dasari
Sudhir Dhawan
Raghuswamyreddy Gundam
Joshua H. Israel
Karthik Kolavasi
Newton P. Liu
Douglas W. Oliver
Mehul M. Shah
Wingcheung Tam
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo International Ltd
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US13/778,372 priority Critical patent/US9251346B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: DHAWAN, SUDHIR, ISRAEL, JOSHUA H., Dasari, Shiva R., GUNDAM, RAGHUSWAMYREDDY, KOLAVASI, KARTHIK, LIU, NEWTON P., OLIVER, DOUGLAS W., SHAH, MEHUL M., TAM, WINGCHEUNG
Publication of US20140245445A1 publication Critical patent/US20140245445A1/en
Assigned to LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD. reassignment LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: INTERNATIONAL BUSINESS MACHINES CORPORATION
Application granted granted Critical
Publication of US9251346B2 publication Critical patent/US9251346B2/en
Assigned to LENOVO INTERNATIONAL LIMITED reassignment LENOVO INTERNATIONAL LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.
Assigned to LENOVO INTERNATIONAL LIMITED reassignment LENOVO INTERNATIONAL LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE LTD.
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561Virus type analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3065Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/86Secure or tamper-resistant housings

Definitions

  • the field of the invention is data processing, or, more specifically, methods, apparatus, and products for preventing propagation of hardware viruses in a computing system.
  • Modern computing systems can take on a variety of form factors and can frequently be augmented by adding attached components.
  • a blade center that includes a plurality of blade servers.
  • Such computing systems may be vulnerable to a hardware virus that causes hardware components of the computing system to be damaged.
  • a hardware virus can include a damaged connector on the midplane of the blade chassis such that any blade server that is plugged into that slot will become damaged.
  • a bent pin on the midplane connector can damage, or infect, the corresponding connector on any blade server that is being plugged in to the damaged connector.
  • any blade server that is infected with a hardware virus can damage the midplane connector when the damaged blade server is plugged in to the midplane connector. In such a way, the hardware virus can spread to other hardware components in the computing system.
  • Methods, apparatus, and products for preventing propagation of hardware viruses in a computing system including: determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper; determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
  • FIG. 1 sets forth a diagram of an example computing system capable of preventing propagation of hardware viruses according to embodiments of the present invention.
  • FIG. 2 sets forth a block diagram of automated computing machinery comprising an example blade management module useful in preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 3 sets forth a flow chart illustrating an example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 4 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 5 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 1 sets forth a diagram of an example computing system capable of preventing propagation of hardware viruses according to embodiments of the present invention.
  • the computing system of FIG. 1 includes a blade center ( 102 ) that is coupled for data communications through a network ( 100 ) to a remote management terminal ( 105 ) operated by a user ( 101 ) such as a system administrator.
  • FIG. 1 is embodied as a two-bay chassis ( 104 , 106 ) that includes a plurality of blade servers ( 124 ), one or more blade management modules ( 152 ), a media tray ( 122 ), and a blade server system power supply ( 132 ).
  • the blade management module ( 152 ) includes one or more software and hardware components and one or more computer processors and computer memory.
  • the blade management module ( 152 ) provides system management functions for all components in the example blade center ( 102 ) including the blade servers ( 124 ) and the media tray ( 122 ).
  • the blade servers ( 124 ), which are installed in the cabinet bay ( 104 ) of the exemplary blade center ( 102 ) in the example of FIG. 1 are several computing devices implemented in blade form factor.
  • the blade servers share access to the media tray ( 122 ).
  • the blade servers ( 124 ) are connected to one another and to the blade management module ( 152 ) for data communications through a local area network (‘LAN’) ( 103 ).
  • the LAN ( 103 ) is a small network installed within the chassis of the blade center.
  • the media tray ( 122 ) houses non-volatile memory media and also makes available connections for user input devices such as mice or keyboards ( 181 ) that are not generally connected directly to the blade servers or to the blade center chassis.
  • a media tray may typically include Compact Disc read-only media drives (‘CD-ROM’), Digital Video Disc ROM drives (DVD-ROM), CD-RW drives, DVD-RW drives, floppy disk drives, and so on as will occur to those of skill in the art.
  • the arrangement of the blade center ( 192 ), the remote management terminal ( 105 ), the networks ( 100 , 103 ), and other devices making up the exemplary system illustrated in FIG. 1 are for explanation, not for limitation.
  • Data processing systems useful according to various embodiments of the present invention for preventing propagation of hardware viruses may include additional servers, routers, and other devices, not shown in FIG. 1 , as will occur to those of skill in the art.
  • Networks in such data processing systems may support many data communications protocols, including for example TCP (Transmission Control Protocol), IP (Internet Protocol), HTTP (HyperText Transfer Protocol), WAP (Wireless Access Protocol), HDTP (Handheld Device Transport Protocol), and others as will occur to those of skill in the art.
  • Various embodiments of the present invention may be implemented on a variety of hardware platforms in addition to those illustrated in FIG. 1 .
  • FIG. 2 sets forth a block diagram of automated computing machinery comprising an example blade management module ( 152 ) useful in preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • the blade management module ( 152 ) of FIG. 2 includes at least one computer processor ( 256 ) or ‘CPU’ as well as random access memory ( 268 ) (‘RAM’) which is connected through a high speed memory bus ( 266 ) and bus adapter ( 258 ) to processor ( 256 ) and to other components of the blade management module ( 152 ).
  • RAM ( 268 ) Stored in RAM ( 268 ) is a hardware virus detection module ( 302 ), a module of computer program instructions for preventing propagation of hardware viruses in a computing system. Also stored in RAM ( 268 ) is an operating system ( 254 ). Operating systems useful preventing propagation of hardware viruses in a computing system according to embodiments of the present invention include UNIXTM, LinuxTM, Microsoft XPTM, AIXTM, IBM's i5/OSTM, and others as will occur to those of skill in the art. The operating system ( 254 ) and the hardware virus protection module ( 302 ) in the example of FIG. 2 are shown in RAM ( 268 ), but many components of such software typically are stored in non-volatile memory also, such as, for example, on a disk drive ( 270 ).
  • the blade management module ( 152 ) of FIG. 2 includes disk drive adapter ( 272 ) coupled through expansion bus ( 260 ) and bus adapter ( 258 ) to processor ( 256 ) and other components of the blade management module ( 152 ).
  • Disk drive adapter ( 272 ) connects non-volatile data storage to the blade management module ( 152 ) in the form of disk drive ( 270 ).
  • Disk drive adapters useful in computers for [preamble] according to embodiments of the present invention include Integrated Drive Electronics (‘IDE’) adapters, Small Computer System Interface (‘SCSI’) adapters, and others as will occur to those of skill in the art.
  • IDE Integrated Drive Electronics
  • SCSI Small Computer System Interface
  • Non-volatile computer memory also may be implemented for as an optical disk drive, electrically erasable programmable read-only memory (so-called ‘EEPROM’ or ‘Flash’ memory), RAM drives, and so on, as will occur to those of skill in the art.
  • EEPROM electrically erasable programmable read-only memory
  • Flash RAM drives
  • the example blade management module ( 152 ) of FIG. 2 includes one or more input/output (‘I/O’) adapters ( 278 ).
  • I/O adapters implement user-oriented input/output through, for example, software drivers and computer hardware for controlling output to display devices such as computer display screens, as well as user input from user input devices ( 281 ) such as keyboards and mice.
  • the example blade management module ( 152 ) of FIG. 2 includes a video adapter ( 209 ), which is an example of an I/O adapter specially designed for graphic output to a display device ( 280 ) such as a display screen or computer monitor.
  • Video adapter ( 209 ) is connected to processor ( 256 ) through a high speed video bus ( 264 ), bus adapter ( 258 ), and the front side bus ( 262 ), which is also a high speed bus.
  • the example blade management module ( 152 ) of FIG. 2 includes a communications adapter ( 267 ) for data communications with other computers ( 282 ) and for data communications with a data communications network ( 200 ).
  • a communications adapter 267
  • data communications may be carried out serially through RS-232 connections, through external buses such as a Universal Serial Bus (‘USB’), through data communications networks such as IP data communications networks, and in other ways as will occur to those of skill in the art.
  • Communications adapters implement the hardware level of data communications through which one computer sends data communications to another computer, directly or through a data communications network.
  • Examples of communications adapters useful for preventing propagation of hardware viruses in a computing system include modems for wired dial-up communications, Ethernet (IEEE 802.3) adapters for wired data communications network communications, and 802.11 adapters for wireless data communications network communications.
  • FIG. 3 sets forth a flow chart illustrating an example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • the computing system ( 300 ) may be embodied as a blade center that includes a blade chassis and a plurality of blade servers installed in the blade chassis.
  • the computing system of FIG. 3 also includes a hardware virus detection module ( 302 ).
  • the hardware virus detection module ( 302 ) may be embodied as automated computing machinery that includes computer program instructions executing on computer hardware.
  • the hardware virus detection module ( 302 ) may include computer program instructions that are stored in read-only memory attached to a midplane of the blade center, as computer program instructions that are included as part of a management module that manages the operations performed in the blade center, and in other ways as will occur to those of skill in the art.
  • the example method of FIG. 3 includes determining ( 304 ), by the hardware virus detection module ( 302 ), whether an empty connector ( 320 ) in the computing system ( 300 ) is damaged.
  • the empty connector ( 320 ) in the computing system ( 300 ) may be embodied, for example, as a connector in a slot configured to receive a blade server.
  • the empty connector ( 320 ) may include a male jack, a female jack, or may be embodied in another form factor of connector configured to connect an attachable computing device such as a blade server to the computing system ( 300 ).
  • the empty connector ( 320 ) is blocked from receiving an attachable computing device ( 324 ) by a bumper ( 322 ).
  • the bumper ( 322 ) of FIG. 3 may be embodied as a physical obstacle that prevents the empty connector ( 320 ) from receiving an attachable computing device ( 324 ).
  • the bumper ( 322 ) of FIG. 3 may be embodied as a retractable pin or plate that prevents the insertion of a blade server into a slot in a blade chassis for receiving a blade server.
  • the retractable pin or plate may be in an un-retracted state such an attachable computing device ( 324 ) cannot be inserted into the empty connector ( 320 ) until the integrity of the empty connector ( 320 ) and the attachable computing device ( 324 ) has been verified.
  • determining ( 304 ) whether an empty connector ( 320 ) in the computing system ( 300 ) is damaged may be carried out, for example, through the use of an image sensor that is controlled by the hardware virus detection module ( 302 ).
  • the hardware virus detection module ( 302 ) may be configured to control the operation of the image sensor to capture an image of the empty connector ( 320 ) and compare the captured image of the empty connector ( 320 ) to an image of an undamaged connector of the same type.
  • the hardware virus detection module ( 302 ) can identify missing pins on the empty connector ( 320 ), bent pins on the empty connector ( 320 ), and other forms of damage to the empty connector ( 320 ) as will occur to those of skill in the art.
  • the example method of FIG. 3 also includes determining ( 308 ), by the hardware virus detection module ( 302 ), whether a connector ( 326 ) for the attachable computing device ( 324 ) is damaged.
  • determining ( 308 ) whether a connector ( 326 ) for the attachable computing device ( 324 ) is damaged may be carried out, for example, upon an attempt to insert the attachable computing device ( 324 ) into the empty connector ( 320 ).
  • the attachable computing device ( 324 ) is a blade server and the empty connector ( 320 ) is a connector in a slot of a blade chassis for receiving a blade server.
  • a system administrator will not be able to insert the blade server into the slot of the blade chassis because physical access to the empty connector ( 320 ) is blocked by the bumper ( 322 ). Bringing the blade server within a predetermined distance of the bumper ( 322 ), however, may cause a scan of the attachable computing device ( 324 ) to be initiated.
  • the hardware virus detection module ( 302 ) may be configured to control the operation of the image sensor to capture an image of the connector ( 326 ) of the attachable computing device ( 324 ) and to compare the captured image of the connector ( 326 ) of the attachable computing device ( 324 ) to an image of an undamaged connector of the same type.
  • the hardware virus detection module ( 302 ) can identify missing pins on the connector ( 326 ) of the attachable computing device ( 324 ), bent pins on the connector ( 326 ) of the attachable computing device ( 324 ), and other forms of damage to the connector ( 326 ) of the attachable computing device ( 324 ) as will occur to those of skill in the art.
  • damage to connectors may be detected in other ways.
  • damage to connectors may be detected through the use of an image sensor and a light to compare the reflection profile of a connector to a template.
  • Other contemplated techniques include the use of an electrical source to identify an electrical short that results from damage to a connector, the use of mechanical techniques to compare the mechanical properties of a connector a profile, and so on.
  • the example method of FIG. 3 also includes moving ( 316 ) the bumper ( 322 ) such that the empty connector ( 320 ) is not blocked from receiving the attachable computing device ( 324 ).
  • moving ( 316 ) the bumper ( 322 ) may be carried out by retracting the bumper into the server chassis, such that the empty connector ( 320 ) is not blocked from receiving the attachable computing device ( 324 ).
  • the hardware virus detection module ( 302 ) can include computer program instructions that, when executed, control the operation of the bumper ( 322 ). In the example method of FIG.
  • moving ( 316 ) the bumper ( 322 ) such that the empty connector ( 320 ) is not blocked from receiving the attachable computing device ( 324 ) is carried out in response to determining that the empty connector ( 320 ) is not ( 306 ) damaged and also determining that the connector ( 326 ) for the attachable computing device ( 324 ) is not ( 310 ) damaged.
  • the example method of FIG. 3 also includes reporting ( 318 ), by the hardware virus detection module ( 302 ), that a hardware virus has been detected.
  • Reporting ( 318 ) that a hardware virus has been detected may be carried out, for example, by the hardware virus detection module ( 302 ) sending a message to a system administrator identifying the nature of the hardware virus, by recording information in a virus log identifying the nature of the hardware virus, by illuminating an indicator light on the computing system ( 300 ) identifying the nature of the hardware virus, and so on.
  • the hardware virus detection module ( 302 ) sending a message to a system administrator identifying the nature of the hardware virus, by recording information in a virus log identifying the nature of the hardware virus, by illuminating an indicator light on the computing system ( 300 ) identifying the nature of the hardware virus, and so on.
  • reporting ( 318 ), by the hardware virus detection module ( 302 ), that a hardware virus has been detected may be carried out in response to affirmatively ( 314 ) determining that the empty connector ( 320 ) is damaged.
  • reporting ( 318 ) that a hardware virus has been detected may alternatively be carried out in response to affirmatively ( 312 ) determining that the connector ( 326 ) for the attachable computing ( 324 ) device is damaged.
  • reporting ( 318 ) that a hardware virus has been detected may also include identifying information regarding the nature of the hardware virus.
  • reporting ( 318 ) that a hardware virus has been detected may include identifying a particular pin that has been damaged and even identifying the nature of the damage (e.g., pin 15 is bent, pin 15 is missing, female connector 15 has a pin stuck inside of it, and so on).
  • FIG. 4 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • the example method of FIG. 4 is similar to the example method of FIG. 3 as it also includes determining ( 304 ) whether an empty connector ( 320 ) in the computing system ( 300 ) is damaged, determining ( 308 ) whether a connector ( 326 ) for the attachable computing device ( 324 ) is damaged, and moving ( 316 ) the bumper ( 322 ) such that the empty connector ( 320 ) is not blocked from receiving the attachable computing device ( 324 ).
  • the example method of FIG. 4 also includes receiving ( 402 ) the attachable computing device ( 324 ) by the empty connector ( 320 ).
  • receiving ( 402 ) the attachable computing device ( 324 ) by the empty connector ( 320 ) may be carried out by creating an electrical connection between the empty connector ( 320 ) and the connector ( 326 ) of the attachable computing device ( 324 ).
  • the attachable computing device ( 324 ) is a blade server and the empty connector ( 320 ) is a connector in a slot of a blade chassis for receiving a blade server.
  • receiving ( 402 ) the attachable computing device ( 324 ) by the empty connector ( 320 ) may be carried out by a system administrator inserting the blade server into the slot of the blade chassis, such that a connector of the blade server becomes coupled with a connector of the blade chassis.
  • the example method of FIG. 4 also includes determining ( 404 ), by the hardware virus detection module ( 302 ), whether the attachable computing device ( 324 ) has been disconnected from the empty connector ( 320 ).
  • determining ( 404 ) whether the attachable computing device ( 324 ) has been disconnected from the empty connector ( 320 ) may be carried out, for example, by determining that the electrical connection between the empty connector ( 320 ) and the connector ( 326 ) of the attachable computing device ( 324 ) has been broken.
  • the attachable computing device ( 324 ) may be disconnected from the empty connector ( 320 ) by a system administrator removing the attachable computing device ( 324 ) from the computing system ( 300 ).
  • the attachable computing device ( 324 ) is a blade server and the empty connector ( 320 ) is a connector in a slot of a blade chassis for receiving a blade server.
  • the attachable computing device ( 324 ) may be disconnected from the empty connector ( 320 ) by a system administrator removing the blade server from the slot of the blade chassis.
  • the example method of FIG. 4 also includes moving ( 408 ) the bumper ( 322 ) such that the empty connector ( 320 ) is blocked from receiving the attachable computing device ( 324 ).
  • the bumper ( 322 ) of FIG. 4 may be embodied as a physical obstacle that prevents the empty connector ( 320 ) from receiving an attachable computing device ( 324 ).
  • the bumper ( 322 ) of FIG. 4 may be embodied as a retractable pin or plate that prevents the insertion of a blade server into a slot in a blade chassis for receiving a blade server.
  • moving ( 408 ) the bumper ( 322 ) such that the empty connector ( 320 ) is blocked from receiving the attachable computing device ( 324 ) may therefore be carried out by extending or otherwise un-retracting the bumper ( 322 ).
  • moving ( 408 ) the bumper ( 322 ) such that the empty connector ( 320 ) is blocked from receiving the attachable computing device ( 324 ) is carried out in response to affirmatively ( 406 ) determining that the attachable computing device ( 324 ) has been disconnected from the empty connector ( 320 ).
  • FIG. 5 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • the example method of FIG. 5 is similar to the example method of FIG. 3 as it also includes determining ( 304 ) whether an empty connector ( 320 ) in the computing system ( 300 ) is damaged, determining ( 308 ) whether a connector ( 326 ) for the attachable computing device ( 324 ) is damaged, and moving ( 316 ) the bumper ( 322 ) such that the empty connector ( 320 ) is not blocked from receiving the attachable computing device ( 324 ).
  • the example method of FIG. 5 also includes determining ( 502 ) whether the attachable computing device ( 324 ) can be operatively coupled to the computing system ( 300 ). In the example method of FIG. 5 , determining ( 502 ) whether the attachable computing device ( 324 ) can be operatively coupled to the computing system ( 300 ) is carried out in response to affirmatively ( 314 ) determining that the empty connector ( 320 ) is damaged or affirmatively ( 312 ) determining that the connector ( 326 ) for the attachable computing device ( 324 ) is damaged. In the example method of FIG.
  • the attachable computing device ( 324 ) can be operatively coupled to the computing system ( 300 ) in spite of the damage, for example, when the damaged components are not used when coupling the attachable computing device ( 324 ) to the computing system ( 300 ).
  • the attachable computing device ( 324 ) is a blade server and the empty connector ( 320 ) is a connector in a slot of a blade chassis for receiving a blade server.
  • the empty connector ( 320 ) may be determined to be damaged as the connector to receive an option card is damaged.
  • the damage to the empty connector ( 320 ) may not prohibit the blade server from being operatively connected to the blade chassis via the empty connector ( 320 ).
  • the blade server could be inserted into the slot of the blade chassis and the blade server could operate normally in spite of the damage to the empty connector ( 320 ).
  • determining ( 502 ) whether the attachable computing device ( 324 ) can be operatively coupled to the computing system ( 300 ) may be carried out, for example, by identifying the particular portion of the empty connector ( 320 ) that is damaged and inspecting an image of the connector ( 326 ) of the attachable computing device ( 324 ) to determine whether the attachable computing device ( 324 ) will need to utilize the particular portion of the empty connector ( 320 ) that is damaged.
  • determining ( 502 ) whether the attachable computing device ( 324 ) can be operatively coupled to the computing system ( 300 ) may be carried out by sending information to a system administrator identifying the nature of the damage and receiving user-input from the system administrator confirming that the attachable computing device ( 324 ) can be operatively coupled to the computing system ( 300 ) in spite of the damage.
  • the hardware virus detection module ( 302 ) can move ( 316 ) the bumper ( 322 ) such that the empty connector ( 320 ) is not blocked from receiving the attachable computing device ( 324 ) as described above with reference to FIG. 3 and FIG. 4 .
  • aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
  • the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
  • a computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
  • a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
  • a computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • LAN local area network
  • WAN wide area network
  • Internet Service Provider for example, AT&T, MCI, Sprint, EarthLink, MSN, GTE, etc.
  • These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • the computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s).
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

Abstract

Preventing propagation of hardware viruses in a computing system, including: determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper; determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The field of the invention is data processing, or, more specifically, methods, apparatus, and products for preventing propagation of hardware viruses in a computing system.
  • 2. Description of Related Art
  • Modern computing systems can take on a variety of form factors and can frequently be augmented by adding attached components. One example of such a computing system is a blade center that includes a plurality of blade servers. Such computing systems may be vulnerable to a hardware virus that causes hardware components of the computing system to be damaged. In the context of a blade center, a hardware virus can include a damaged connector on the midplane of the blade chassis such that any blade server that is plugged into that slot will become damaged. For example, a bent pin on the midplane connector can damage, or infect, the corresponding connector on any blade server that is being plugged in to the damaged connector. Likewise, any blade server that is infected with a hardware virus can damage the midplane connector when the damaged blade server is plugged in to the midplane connector. In such a way, the hardware virus can spread to other hardware components in the computing system.
    • SUMMARY OF THE INVENTION
  • Methods, apparatus, and products for preventing propagation of hardware viruses in a computing system, including: determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper; determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
  • The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of exemplary embodiments of the invention.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 sets forth a diagram of an example computing system capable of preventing propagation of hardware viruses according to embodiments of the present invention.
  • FIG. 2 sets forth a block diagram of automated computing machinery comprising an example blade management module useful in preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 3 sets forth a flow chart illustrating an example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 4 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
  • FIG. 5 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention.
    •  DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS
  • Example methods, apparatus, and products for preventing propagation of hardware viruses in a computing system in accordance with the present invention are described with reference to the accompanying drawings, beginning with FIG. 1. FIG. 1 sets forth a diagram of an example computing system capable of preventing propagation of hardware viruses according to embodiments of the present invention. The computing system of FIG. 1 includes a blade center (102) that is coupled for data communications through a network (100) to a remote management terminal (105) operated by a user (101) such as a system administrator. The blade center (102) of FIG. 1 is embodied as a two-bay chassis (104, 106) that includes a plurality of blade servers (124), one or more blade management modules (152), a media tray (122), and a blade server system power supply (132).
  • The blade management module (152) includes one or more software and hardware components and one or more computer processors and computer memory. The blade management module (152) provides system management functions for all components in the example blade center (102) including the blade servers (124) and the media tray (122). The blade servers (124), which are installed in the cabinet bay (104) of the exemplary blade center (102) in the example of FIG. 1, are several computing devices implemented in blade form factor. The blade servers share access to the media tray (122). The blade servers (124) are connected to one another and to the blade management module (152) for data communications through a local area network (‘LAN’) (103). The LAN (103) is a small network installed within the chassis of the blade center.
  • The media tray (122) houses non-volatile memory media and also makes available connections for user input devices such as mice or keyboards (181) that are not generally connected directly to the blade servers or to the blade center chassis. A media tray may typically include Compact Disc read-only media drives (‘CD-ROM’), Digital Video Disc ROM drives (DVD-ROM), CD-RW drives, DVD-RW drives, floppy disk drives, and so on as will occur to those of skill in the art.
  • The arrangement of the blade center (192), the remote management terminal (105), the networks (100, 103), and other devices making up the exemplary system illustrated in FIG. 1 are for explanation, not for limitation. Data processing systems useful according to various embodiments of the present invention for preventing propagation of hardware viruses may include additional servers, routers, and other devices, not shown in FIG. 1, as will occur to those of skill in the art. Networks in such data processing systems may support many data communications protocols, including for example TCP (Transmission Control Protocol), IP (Internet Protocol), HTTP (HyperText Transfer Protocol), WAP (Wireless Access Protocol), HDTP (Handheld Device Transport Protocol), and others as will occur to those of skill in the art. Various embodiments of the present invention may be implemented on a variety of hardware platforms in addition to those illustrated in FIG. 1.
  • FIG. 2 sets forth a block diagram of automated computing machinery comprising an example blade management module (152) useful in preventing propagation of hardware viruses in a computing system according to embodiments of the present invention. The blade management module (152) of FIG. 2 includes at least one computer processor (256) or ‘CPU’ as well as random access memory (268) (‘RAM’) which is connected through a high speed memory bus (266) and bus adapter (258) to processor (256) and to other components of the blade management module (152).
  • Stored in RAM (268) is a hardware virus detection module (302), a module of computer program instructions for preventing propagation of hardware viruses in a computing system. Also stored in RAM (268) is an operating system (254). Operating systems useful preventing propagation of hardware viruses in a computing system according to embodiments of the present invention include UNIX™, Linux™, Microsoft XP™, AIX™, IBM's i5/OS™, and others as will occur to those of skill in the art. The operating system (254) and the hardware virus protection module (302) in the example of FIG. 2 are shown in RAM (268), but many components of such software typically are stored in non-volatile memory also, such as, for example, on a disk drive (270).
  • The blade management module (152) of FIG. 2 includes disk drive adapter (272) coupled through expansion bus (260) and bus adapter (258) to processor (256) and other components of the blade management module (152). Disk drive adapter (272) connects non-volatile data storage to the blade management module (152) in the form of disk drive (270). Disk drive adapters useful in computers for [preamble] according to embodiments of the present invention include Integrated Drive Electronics (‘IDE’) adapters, Small Computer System Interface (‘SCSI’) adapters, and others as will occur to those of skill in the art. Non-volatile computer memory also may be implemented for as an optical disk drive, electrically erasable programmable read-only memory (so-called ‘EEPROM’ or ‘Flash’ memory), RAM drives, and so on, as will occur to those of skill in the art.
  • The example blade management module (152) of FIG. 2 includes one or more input/output (‘I/O’) adapters (278). I/O adapters implement user-oriented input/output through, for example, software drivers and computer hardware for controlling output to display devices such as computer display screens, as well as user input from user input devices (281) such as keyboards and mice. The example blade management module (152) of FIG. 2 includes a video adapter (209), which is an example of an I/O adapter specially designed for graphic output to a display device (280) such as a display screen or computer monitor. Video adapter (209) is connected to processor (256) through a high speed video bus (264), bus adapter (258), and the front side bus (262), which is also a high speed bus.
  • The example blade management module (152) of FIG. 2 includes a communications adapter (267) for data communications with other computers (282) and for data communications with a data communications network (200). Such data communications may be carried out serially through RS-232 connections, through external buses such as a Universal Serial Bus (‘USB’), through data communications networks such as IP data communications networks, and in other ways as will occur to those of skill in the art. Communications adapters implement the hardware level of data communications through which one computer sends data communications to another computer, directly or through a data communications network. Examples of communications adapters useful for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention include modems for wired dial-up communications, Ethernet (IEEE 802.3) adapters for wired data communications network communications, and 802.11 adapters for wireless data communications network communications.
  • For further explanation, FIG. 3 sets forth a flow chart illustrating an example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention. In the example method of FIG. 3, the computing system (300) may be embodied as a blade center that includes a blade chassis and a plurality of blade servers installed in the blade chassis.
  • The computing system of FIG. 3 also includes a hardware virus detection module (302). In the example method of FIG. 3, the hardware virus detection module (302) may be embodied as automated computing machinery that includes computer program instructions executing on computer hardware. The hardware virus detection module (302) may include computer program instructions that are stored in read-only memory attached to a midplane of the blade center, as computer program instructions that are included as part of a management module that manages the operations performed in the blade center, and in other ways as will occur to those of skill in the art.
  • The example method of FIG. 3 includes determining (304), by the hardware virus detection module (302), whether an empty connector (320) in the computing system (300) is damaged. In the example method of FIG. 3, the empty connector (320) in the computing system (300) may be embodied, for example, as a connector in a slot configured to receive a blade server. The empty connector (320) may include a male jack, a female jack, or may be embodied in another form factor of connector configured to connect an attachable computing device such as a blade server to the computing system (300).
  • In the example method of FIG. 3, the empty connector (320) is blocked from receiving an attachable computing device (324) by a bumper (322). The bumper (322) of FIG. 3 may be embodied as a physical obstacle that prevents the empty connector (320) from receiving an attachable computing device (324). For example, the bumper (322) of FIG. 3 may be embodied as a retractable pin or plate that prevents the insertion of a blade server into a slot in a blade chassis for receiving a blade server. When a particular connector in the computing system (300) is empty, the retractable pin or plate may be in an un-retracted state such an attachable computing device (324) cannot be inserted into the empty connector (320) until the integrity of the empty connector (320) and the attachable computing device (324) has been verified.
  • In the example method of FIG. 3, determining (304) whether an empty connector (320) in the computing system (300) is damaged may be carried out, for example, through the use of an image sensor that is controlled by the hardware virus detection module (302). The hardware virus detection module (302) may be configured to control the operation of the image sensor to capture an image of the empty connector (320) and compare the captured image of the empty connector (320) to an image of an undamaged connector of the same type. By comparing the captured image of the empty connector (320) to an image of an undamaged connector of the same type, the hardware virus detection module (302) can identify missing pins on the empty connector (320), bent pins on the empty connector (320), and other forms of damage to the empty connector (320) as will occur to those of skill in the art.
  • The example method of FIG. 3 also includes determining (308), by the hardware virus detection module (302), whether a connector (326) for the attachable computing device (324) is damaged. In the example method of FIG. 3, determining (308) whether a connector (326) for the attachable computing device (324) is damaged may be carried out, for example, upon an attempt to insert the attachable computing device (324) into the empty connector (320).
  • Consider an example in which the attachable computing device (324) is a blade server and the empty connector (320) is a connector in a slot of a blade chassis for receiving a blade server. In such an example, a system administrator will not be able to insert the blade server into the slot of the blade chassis because physical access to the empty connector (320) is blocked by the bumper (322). Bringing the blade server within a predetermined distance of the bumper (322), however, may cause a scan of the attachable computing device (324) to be initiated. For example, the hardware virus detection module (302) may be configured to control the operation of the image sensor to capture an image of the connector (326) of the attachable computing device (324) and to compare the captured image of the connector (326) of the attachable computing device (324) to an image of an undamaged connector of the same type. By comparing the captured image of the connector (326) of the attachable computing device (324) to an image of an undamaged connector of the same type, the hardware virus detection module (302) can identify missing pins on the connector (326) of the attachable computing device (324), bent pins on the connector (326) of the attachable computing device (324), and other forms of damage to the connector (326) of the attachable computing device (324) as will occur to those of skill in the art.
  • Although the examples described above include the use of image sensing technologies to identify damage to connectors, readers will appreciate that damage to connectors may be detected in other ways. For example, damage to connectors may be detected through the use of an image sensor and a light to compare the reflection profile of a connector to a template. Other contemplated techniques include the use of an electrical source to identify an electrical short that results from damage to a connector, the use of mechanical techniques to compare the mechanical properties of a connector a profile, and so on.
  • The example method of FIG. 3 also includes moving (316) the bumper (322) such that the empty connector (320) is not blocked from receiving the attachable computing device (324). Consider the example in which the bumper (322) is retractable. In such an example, moving (316) the bumper (322) may be carried out by retracting the bumper into the server chassis, such that the empty connector (320) is not blocked from receiving the attachable computing device (324). In such an example, the hardware virus detection module (302) can include computer program instructions that, when executed, control the operation of the bumper (322). In the example method of FIG. 3, moving (316) the bumper (322) such that the empty connector (320) is not blocked from receiving the attachable computing device (324) is carried out in response to determining that the empty connector (320) is not (306) damaged and also determining that the connector (326) for the attachable computing device (324) is not (310) damaged.
  • The example method of FIG. 3 also includes reporting (318), by the hardware virus detection module (302), that a hardware virus has been detected. Reporting (318) that a hardware virus has been detected may be carried out, for example, by the hardware virus detection module (302) sending a message to a system administrator identifying the nature of the hardware virus, by recording information in a virus log identifying the nature of the hardware virus, by illuminating an indicator light on the computing system (300) identifying the nature of the hardware virus, and so on. In the example method of FIG. 3, reporting (318), by the hardware virus detection module (302), that a hardware virus has been detected may be carried out in response to affirmatively (314) determining that the empty connector (320) is damaged. Alternatively, reporting (318) that a hardware virus has been detected may alternatively be carried out in response to affirmatively (312) determining that the connector (326) for the attachable computing (324) device is damaged. In the example method of FIG. 3, reporting (318) that a hardware virus has been detected may also include identifying information regarding the nature of the hardware virus. For example, reporting (318) that a hardware virus has been detected may include identifying a particular pin that has been damaged and even identifying the nature of the damage (e.g., pin 15 is bent, pin 15 is missing, female connector 15 has a pin stuck inside of it, and so on).
  • For further explanation, FIG. 4 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention. The example method of FIG. 4 is similar to the example method of FIG. 3 as it also includes determining (304) whether an empty connector (320) in the computing system (300) is damaged, determining (308) whether a connector (326) for the attachable computing device (324) is damaged, and moving (316) the bumper (322) such that the empty connector (320) is not blocked from receiving the attachable computing device (324).
  • The example method of FIG. 4 also includes receiving (402) the attachable computing device (324) by the empty connector (320). In the example method of FIG. 4, receiving (402) the attachable computing device (324) by the empty connector (320) may be carried out by creating an electrical connection between the empty connector (320) and the connector (326) of the attachable computing device (324). Consider the example described above in which the attachable computing device (324) is a blade server and the empty connector (320) is a connector in a slot of a blade chassis for receiving a blade server. In such an example, receiving (402) the attachable computing device (324) by the empty connector (320) may be carried out by a system administrator inserting the blade server into the slot of the blade chassis, such that a connector of the blade server becomes coupled with a connector of the blade chassis.
  • The example method of FIG. 4 also includes determining (404), by the hardware virus detection module (302), whether the attachable computing device (324) has been disconnected from the empty connector (320). In the example method of FIG. 4, determining (404) whether the attachable computing device (324) has been disconnected from the empty connector (320) may be carried out, for example, by determining that the electrical connection between the empty connector (320) and the connector (326) of the attachable computing device (324) has been broken. In such an example, the attachable computing device (324) may be disconnected from the empty connector (320) by a system administrator removing the attachable computing device (324) from the computing system (300). Consider the example described above in which the attachable computing device (324) is a blade server and the empty connector (320) is a connector in a slot of a blade chassis for receiving a blade server. In such an example, the attachable computing device (324) may be disconnected from the empty connector (320) by a system administrator removing the blade server from the slot of the blade chassis.
  • The example method of FIG. 4 also includes moving (408) the bumper (322) such that the empty connector (320) is blocked from receiving the attachable computing device (324). The bumper (322) of FIG. 4 may be embodied as a physical obstacle that prevents the empty connector (320) from receiving an attachable computing device (324). For example, the bumper (322) of FIG. 4 may be embodied as a retractable pin or plate that prevents the insertion of a blade server into a slot in a blade chassis for receiving a blade server. In the example method of FIG. 4, moving (408) the bumper (322) such that the empty connector (320) is blocked from receiving the attachable computing device (324) may therefore be carried out by extending or otherwise un-retracting the bumper (322). In such an example, moving (408) the bumper (322) such that the empty connector (320) is blocked from receiving the attachable computing device (324) is carried out in response to affirmatively (406) determining that the attachable computing device (324) has been disconnected from the empty connector (320).
  • For further explanation, FIG. 5 sets forth a flow chart illustrating a further example method for preventing propagation of hardware viruses in a computing system according to embodiments of the present invention. The example method of FIG. 5 is similar to the example method of FIG. 3 as it also includes determining (304) whether an empty connector (320) in the computing system (300) is damaged, determining (308) whether a connector (326) for the attachable computing device (324) is damaged, and moving (316) the bumper (322) such that the empty connector (320) is not blocked from receiving the attachable computing device (324).
  • The example method of FIG. 5 also includes determining (502) whether the attachable computing device (324) can be operatively coupled to the computing system (300). In the example method of FIG. 5, determining (502) whether the attachable computing device (324) can be operatively coupled to the computing system (300) is carried out in response to affirmatively (314) determining that the empty connector (320) is damaged or affirmatively (312) determining that the connector (326) for the attachable computing device (324) is damaged. In the example method of FIG. 5, the attachable computing device (324) can be operatively coupled to the computing system (300) in spite of the damage, for example, when the damaged components are not used when coupling the attachable computing device (324) to the computing system (300).
  • Consider the example described above in which the attachable computing device (324) is a blade server and the empty connector (320) is a connector in a slot of a blade chassis for receiving a blade server. In such an example, the empty connector (320) may be determined to be damaged as the connector to receive an option card is damaged. In such an example, however, if the blade server does not include an option card, the damage to the empty connector (320) may not prohibit the blade server from being operatively connected to the blade chassis via the empty connector (320). As such, the blade server could be inserted into the slot of the blade chassis and the blade server could operate normally in spite of the damage to the empty connector (320).
  • In the example method of FIG. 5, determining (502) whether the attachable computing device (324) can be operatively coupled to the computing system (300) may be carried out, for example, by identifying the particular portion of the empty connector (320) that is damaged and inspecting an image of the connector (326) of the attachable computing device (324) to determine whether the attachable computing device (324) will need to utilize the particular portion of the empty connector (320) that is damaged. Alternatively, determining (502) whether the attachable computing device (324) can be operatively coupled to the computing system (300) may be carried out by sending information to a system administrator identifying the nature of the damage and receiving user-input from the system administrator confirming that the attachable computing device (324) can be operatively coupled to the computing system (300) in spite of the damage. In response to affirmatively (504) determining that the attachable computing device (324) can be operatively coupled to the computing system (300), the hardware virus detection module (302) can move (316) the bumper (322) such that the empty connector (320) is not blocked from receiving the attachable computing device (324) as described above with reference to FIG. 3 and FIG. 4.
  • Although the examples described above make specific reference to a blade server that is inserted into a blade chassis, readers will appreciate that these examples are only given for illustrative purposes and do not represent limitations of embodiments of the present invention. Embodiments of the present invention are contemplated in which the claimed computing system can take many forms such as a personal computer, mobile communications device, tablet computer, non-blade servers, or other computing device that includes a connector for coupling the computing system to another physical device.
  • As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
  • Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
  • A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
  • Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
  • Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • Aspects of the present invention are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
  • The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
  • The flowchart and block diagrams in the Figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
  • It will be understood from the foregoing description that modifications and changes may be made in various embodiments of the present invention without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present invention is limited only by the language of the following claims.

Claims (20)

What is claimed is:
1. A method of preventing propagation of hardware viruses in a computing system, the method comprising:
determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper;
determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and
responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
2. The method of claim 1 further comprising, responsive to determining that the empty connector is damaged, reporting, by the hardware virus detection module, that a hardware virus has been detected.
3. The method of claim 1 further comprising, responsive to determining that the connector for the attachable computing device is damaged, reporting, by the hardware virus detection module, that a hardware virus has been detected.
4. The method of claim 1 wherein the computing system is a blade chassis and the empty connector is included in a slot configured to receive a blade server.
5. The method of claim 1 wherein the attachable computing device is a blade server.
6. The method of claim 1 further comprising:
receiving the attachable computing device by the empty connector;
determining, by the hardware virus detection module, whether the attachable computing device has been disconnected from the empty connector; and
responsive to determining that the attachable computing device has been disconnected from the empty connector, moving the bumper such that the empty connector is blocked from receiving the attachable computing device.
7. The method of claim 1 further comprising:
responsive to determining that the empty connector is damaged or that the connector for the attachable computing device is damaged, determining whether the attachable computing device can be operatively coupled to the computing system; and
responsive to determining that the attachable computing device can be operatively coupled to the computing system, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
8. An apparatus for preventing propagation of hardware viruses in a computing system, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper;
determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and
responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
9. The apparatus of claim 8 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the step of, responsive to determining that the empty connector is damaged, reporting, by the hardware virus detection module, that a hardware virus has been detected.
10. The apparatus of claim 8 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the step of, responsive to determining that the connector for the attachable computing device is damaged, reporting, by the hardware virus detection module, that a hardware virus has been detected.
11. The apparatus of claim 8 wherein the computing system is a blade chassis and the empty connector is included in a slot configured to receive a blade server.
12. The apparatus of claim 8 wherein the attachable computing device is a blade server.
13. The apparatus of claim 8 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
receiving the attachable computing device by the empty connector;
determining, by the hardware virus detection module, whether the attachable computing device has been disconnected from the empty connector; and
responsive to determining that the attachable computing device has been disconnected from the empty connector, moving the bumper such that the empty connector is blocked from receiving the attachable computing device.
14. The apparatus of claim 8 further comprising computer program instructions that, when executed by the computer processor, cause the apparatus to carry out the steps of:
responsive to determining that the empty connector is damaged or that the connector for the attachable computing device is damaged, determining whether the attachable computing device can be operatively coupled to the computing system; and
responsive to determining that the attachable computing device can be operatively coupled to the computing system, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
15. A computer program product for preventing propagation of hardware viruses in a computing system, the computer program product disposed upon a computer readable medium, the computer program product comprising computer program instructions that, when executed, cause a computer to carry out the steps of:
determining, by a hardware virus detection module, whether an empty connector in the computing system is damaged, wherein the empty connector is blocked from receiving an attachable computing device by a bumper;
determining, by the hardware virus detection module, whether a connector for the attachable computing device is damaged; and
responsive to determining that the empty connector is not damaged and that the connector for the attachable computing device is not damaged, moving the bumper such that the empty connector is not blocked from receiving the attachable computing device.
16. The computer program product of claim 15 further comprising computer program instructions that, when executed, cause the computer to carry out the step of, responsive to determining that the empty connector is damaged, reporting, by the hardware virus detection module, that a hardware virus has been detected.
17. The computer program product of claim 15 further comprising computer program instructions that, when executed, cause the computer to carry out the step of, responsive to determining that the connector for the attachable computing device is damaged, reporting, by the hardware virus detection module, that a hardware virus has been detected.
18. The computer program product of claim 15 wherein the computing system is a blade chassis and the empty connector is included in a slot configured to receive a blade server.
19. The computer program product of claim 15 wherein the attachable computing device is a blade server.
20. The computer program product of claim 15 further comprising computer program instructions that, when executed, cause the computer to carry out the step of:
receiving the attachable computing device by the empty connector;
determining, by the hardware virus detection module, whether the attachable computing device has been disconnected from the empty connector; and
responsive to determining that the attachable computing device has been disconnected from the empty connector, moving the bumper such that the empty connector is blocked from receiving the attachable computing device.
US13/778,372 2013-02-27 2013-02-27 Preventing propagation of hardware viruses in a computing system Active 2033-07-25 US9251346B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/778,372 US9251346B2 (en) 2013-02-27 2013-02-27 Preventing propagation of hardware viruses in a computing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/778,372 US9251346B2 (en) 2013-02-27 2013-02-27 Preventing propagation of hardware viruses in a computing system

Publications (2)

Publication Number Publication Date
US20140245445A1 true US20140245445A1 (en) 2014-08-28
US9251346B2 US9251346B2 (en) 2016-02-02

Family

ID=51389707

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/778,372 Active 2033-07-25 US9251346B2 (en) 2013-02-27 2013-02-27 Preventing propagation of hardware viruses in a computing system

Country Status (1)

Country Link
US (1) US9251346B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9251346B2 (en) * 2013-02-27 2016-02-02 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Preventing propagation of hardware viruses in a computing system

Citations (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3594694A (en) * 1968-11-08 1971-07-20 G & H Technology Quick disconnect connector
US4696047A (en) * 1985-02-28 1987-09-22 Texas Instruments Incorporated Apparatus for automatically inspecting electrical connecting pins
US4927692A (en) * 1988-11-25 1990-05-22 International Business Machines Corporation Antistatic mask for use with electronic test apparatus
US4993964A (en) * 1989-04-18 1991-02-19 Martin Marietta Corporation Electrical connector environmental sealing plug
US5043931A (en) * 1989-06-19 1991-08-27 International Business Machines Corporation Wrap test system and method
US5051100A (en) * 1989-06-27 1991-09-24 Yazaki Corporation Electrical connector
US5581540A (en) * 1995-02-08 1996-12-03 International Business Machines Corporation Single disk write protection system for multiple-disk cartridge
US5748910A (en) * 1996-01-31 1998-05-05 Hewlett-Packard Company Automatic enabling/disabling of termination impedance for a computer bus
US6061903A (en) * 1997-10-10 2000-05-16 International Business Machines Corporation Assembly of electrical components on printed circuit boards
US6457071B1 (en) * 1999-08-05 2002-09-24 Hewlett-Packard Company System and method for determining connection accuracy at an interface
US6493827B1 (en) * 1999-03-17 2002-12-10 International Business Machines Corporation Method and system for monitoring configuration changes in a data processing system
US20030197607A1 (en) * 2002-04-18 2003-10-23 International Business Machines Corporation Modular school computer system and method
US6747424B1 (en) * 2000-10-02 2004-06-08 International Business Machines Corporation Integrated fan speed control and fault detection circuitry
US20040152350A1 (en) * 2002-07-09 2004-08-05 Mastoris Steven F. Methods and devices for protecting pins of a pin connector
US6826113B2 (en) * 2003-03-27 2004-11-30 International Business Machines Corporation Synchronous dynamic random access memory device having memory command cancel function
US20060014420A1 (en) * 2004-07-16 2006-01-19 Levi Lebo Method of simplifying placement of jumpers using templates
US20080258704A1 (en) * 2007-04-23 2008-10-23 Ryskoski Matthew S Method and apparatus for identifying broken pins in a test socket
US7480774B2 (en) * 2003-04-01 2009-01-20 International Business Machines Corporation Method for performing a command cancel function in a DRAM
US20090090863A1 (en) * 2007-10-03 2009-04-09 Ebara Corporation Sample surface observation method
US7755376B2 (en) * 2005-10-12 2010-07-13 Delta Design, Inc. Camera based pin grid array (PGA) inspection system with pin base mask and low angle lighting
US7791217B2 (en) * 2007-09-04 2010-09-07 Toyota Jidosha Kabushiki Kaisha Electric-powered vehicle chargeable by external power supply
US7927130B2 (en) * 2008-03-31 2011-04-19 Fujitsu Limited Electronic apparatus and connector module used for this electronic apparatus
US7990105B2 (en) * 2006-03-17 2011-08-02 Yamaha Hatsudoki Kabushiki Kaisha Power supply device for a vehicle
US8060141B2 (en) * 2008-01-16 2011-11-15 Wistron Neweb Corp. Method for permitting change of an electronic card without powering off and communications device employing the method
US8230397B2 (en) * 2008-01-23 2012-07-24 International Business Machines Corporation Automated solution that detects configuration problems in an eclipse-based software application
US8425243B2 (en) * 2011-07-11 2013-04-23 Apple Inc. Magnetically activated connector port cover
US20130212427A1 (en) * 2012-02-14 2013-08-15 International Business Machines Corporation Reclaiming discarded solid state devices
US8655856B2 (en) * 2009-12-22 2014-02-18 International Business Machines Corporation Method and apparatus for policy distribution
US20140074872A1 (en) * 2012-09-10 2014-03-13 International Business Machines Corp. Managing Workload Optimized Systems using Relational Database Modeling and Triggers

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8843604B2 (en) 2003-06-19 2014-09-23 International Business Machines Corporation Method for interlocking a server to a server system and a computer system utilizing the same
US20080222532A1 (en) 2004-11-30 2008-09-11 Mester Michael L Controlling and Monitoring Propagation Within a Network
US7454687B2 (en) 2005-07-06 2008-11-18 International Busniess Machines Corporation Method and infrastructure for recognition of the resources of a defective hardware unit
US7478177B2 (en) 2006-07-28 2009-01-13 Dell Products L.P. System and method for automatic reassignment of shared storage on blade replacement
US7861110B2 (en) 2008-04-30 2010-12-28 Egenera, Inc. System, method, and adapter for creating fault-tolerant communication busses from standard components
US8201266B2 (en) 2008-05-21 2012-06-12 International Business Machines Corporation Security system to prevent tampering with a server blade
US8484493B2 (en) 2008-10-29 2013-07-09 Dell Products, Lp Method for pre-chassis power multi-slot blade identification and inventory
JP5074351B2 (en) 2008-10-30 2012-11-14 株式会社日立製作所 System construction method and management server
US8171142B2 (en) 2010-06-30 2012-05-01 Vmware, Inc. Data center inventory management using smart racks
US8607225B2 (en) 2010-12-28 2013-12-10 Oracle International Corporation Managed upgrades of components in an integrated software and hardware system
US9251346B2 (en) * 2013-02-27 2016-02-02 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Preventing propagation of hardware viruses in a computing system

Patent Citations (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3594694A (en) * 1968-11-08 1971-07-20 G & H Technology Quick disconnect connector
US4696047A (en) * 1985-02-28 1987-09-22 Texas Instruments Incorporated Apparatus for automatically inspecting electrical connecting pins
US4927692A (en) * 1988-11-25 1990-05-22 International Business Machines Corporation Antistatic mask for use with electronic test apparatus
US4993964A (en) * 1989-04-18 1991-02-19 Martin Marietta Corporation Electrical connector environmental sealing plug
US5043931A (en) * 1989-06-19 1991-08-27 International Business Machines Corporation Wrap test system and method
US5051100A (en) * 1989-06-27 1991-09-24 Yazaki Corporation Electrical connector
US5581540A (en) * 1995-02-08 1996-12-03 International Business Machines Corporation Single disk write protection system for multiple-disk cartridge
US5748910A (en) * 1996-01-31 1998-05-05 Hewlett-Packard Company Automatic enabling/disabling of termination impedance for a computer bus
US6061903A (en) * 1997-10-10 2000-05-16 International Business Machines Corporation Assembly of electrical components on printed circuit boards
US6493827B1 (en) * 1999-03-17 2002-12-10 International Business Machines Corporation Method and system for monitoring configuration changes in a data processing system
US6457071B1 (en) * 1999-08-05 2002-09-24 Hewlett-Packard Company System and method for determining connection accuracy at an interface
US6747424B1 (en) * 2000-10-02 2004-06-08 International Business Machines Corporation Integrated fan speed control and fault detection circuitry
US20030197607A1 (en) * 2002-04-18 2003-10-23 International Business Machines Corporation Modular school computer system and method
US20040152350A1 (en) * 2002-07-09 2004-08-05 Mastoris Steven F. Methods and devices for protecting pins of a pin connector
US6826113B2 (en) * 2003-03-27 2004-11-30 International Business Machines Corporation Synchronous dynamic random access memory device having memory command cancel function
US7480774B2 (en) * 2003-04-01 2009-01-20 International Business Machines Corporation Method for performing a command cancel function in a DRAM
US20060014420A1 (en) * 2004-07-16 2006-01-19 Levi Lebo Method of simplifying placement of jumpers using templates
US7755376B2 (en) * 2005-10-12 2010-07-13 Delta Design, Inc. Camera based pin grid array (PGA) inspection system with pin base mask and low angle lighting
US7990105B2 (en) * 2006-03-17 2011-08-02 Yamaha Hatsudoki Kabushiki Kaisha Power supply device for a vehicle
US20080258704A1 (en) * 2007-04-23 2008-10-23 Ryskoski Matthew S Method and apparatus for identifying broken pins in a test socket
US7791217B2 (en) * 2007-09-04 2010-09-07 Toyota Jidosha Kabushiki Kaisha Electric-powered vehicle chargeable by external power supply
US20090090863A1 (en) * 2007-10-03 2009-04-09 Ebara Corporation Sample surface observation method
US8060141B2 (en) * 2008-01-16 2011-11-15 Wistron Neweb Corp. Method for permitting change of an electronic card without powering off and communications device employing the method
US8230397B2 (en) * 2008-01-23 2012-07-24 International Business Machines Corporation Automated solution that detects configuration problems in an eclipse-based software application
US8627289B2 (en) * 2008-01-23 2014-01-07 International Business Machines Corporation Detecting configuration problems in an eclipse-based software application
US7927130B2 (en) * 2008-03-31 2011-04-19 Fujitsu Limited Electronic apparatus and connector module used for this electronic apparatus
US8655856B2 (en) * 2009-12-22 2014-02-18 International Business Machines Corporation Method and apparatus for policy distribution
US8425243B2 (en) * 2011-07-11 2013-04-23 Apple Inc. Magnetically activated connector port cover
US20130212427A1 (en) * 2012-02-14 2013-08-15 International Business Machines Corporation Reclaiming discarded solid state devices
US20140074872A1 (en) * 2012-09-10 2014-03-13 International Business Machines Corp. Managing Workload Optimized Systems using Relational Database Modeling and Triggers

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9251346B2 (en) * 2013-02-27 2016-02-02 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Preventing propagation of hardware viruses in a computing system

Also Published As

Publication number Publication date
US9251346B2 (en) 2016-02-02

Similar Documents

Publication Publication Date Title
EP3767509B1 (en) System and method of inspecting archive slices for malware
US20140122931A1 (en) Performing diagnostic tests in a data center
US9038179B2 (en) Secure code verification enforcement in a trusted computing device
JP2013532866A (en) Hacker virus security integrated management machine
CN103413090A (en) System and method for detection and treatment of malware on data storage devices
US8843685B2 (en) Presence detectable baffle for electrical components in a computing system
US20120254423A1 (en) Monitoring Sensors For Systems Management
US20140013428A1 (en) Apparatus and method for managing operation of a mobile device
US9316603B2 (en) Detecting thermal interface material (‘TIM’) between a heat sink and an integrated circuit
US9448888B2 (en) Preventing a rollback attack in a computing system that includes a primary memory bank and a backup memory bank
US9435759B2 (en) Detecting thermal interface material (‘TIM’) between a heat sink and an integrated circuit
US8554974B2 (en) Expanding functionality of one or more hard drive bays in a computing system
US9251346B2 (en) Preventing propagation of hardware viruses in a computing system
US11023575B2 (en) Security sanitization of USB devices
US10418808B2 (en) Detecting electrostatic discharge events in a computer system
US9003172B2 (en) Intelligently controlling loading of legacy option ROMs in a computing system
US8521936B2 (en) Administering computing system resources in a computing system
US20110270814A1 (en) Expanding Functionality Of One Or More Hard Drive Bays In A Computing System
US9940289B2 (en) Preventing access to misplugged devices by a service processor
US9104558B2 (en) Preventing out-of-space errors for legacy option ROM in a computing system
US8645600B2 (en) Configuring expansion component interconnect (‘ECI’) physical functions on an ECI device in a computing system
US20160306664A1 (en) Utilizing computing resources under a disabled processor node
US11354212B2 (en) Component installation verification
TW201535108A (en) Testing system and testing method for computer

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DASARI, SHIVA R.;DHAWAN, SUDHIR;GUNDAM, RAGHUSWAMYREDDY;AND OTHERS;SIGNING DATES FROM 20130221 TO 20130226;REEL/FRAME:029884/0585

AS Assignment

Owner name: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD., SINGAPORE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:034194/0111

Effective date: 20140926

Owner name: LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.,

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:034194/0111

Effective date: 20140926

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: LENOVO INTERNATIONAL LIMITED, HONG KONG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE. LTD.;REEL/FRAME:038483/0940

Effective date: 20160505

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

AS Assignment

Owner name: LENOVO INTERNATIONAL LIMITED, HONG KONG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LENOVO ENTERPRISE SOLUTIONS (SINGAPORE) PTE LTD.;REEL/FRAME:050301/0033

Effective date: 20160401

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8